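// WordPress core vulnerabilities
// Field layout, inferred from the entries below (15 positional fields per record):
//   [0] title, [1] first affected version, [2] last affected version, [3] description,
//   [4]-[8] reference URLs (empty string when unused), [9] CVE id(s), comma-separated,
//   [10] CWE id(s), [11] CVSS v2 vector, [12] CVSS v3 vector (may be empty),
//   [13] remediation, [14] date (MM/DD/YYYY)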
var vulns = Array (
["WordPress 'xmlrpc.php' Remote Security Bypass Vulnerability","3.0.1","3.0.2","WordPress is prone to a security bypass vulnerability because the application fails to properly perform user-profile checks. Remote attackers with 'Author' and 'Contributor' privileges can exploit this issue to improperly edit, publish, or delete posts under certain circumstances. Note that successful exploitation requires the application to be enabled with the remote publishing feature. WordPress version 3.0.2 is vulnerable; prior versions may also be affected.","http://www.securityfocus.com/bid/45299/","http://secunia.com/advisories/42553/","https://wordpress.org/news/2010/12/wordpress-3-0-3/","","","CVE-2010-5106","CWE-264","AV:N/AC:L/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to WordPress version 3.0.3 or latest","12/09/2010"],
["WordPress 2.8.3 Admin Password Reset Security Bypass Vulnerability","0.6.2","2.8.3","WordPress is prone to a security bypass vulnerability because it fails to adequately restrict access to the password reset feature. An attacker can exploit this issue to reset the administrator password of the application. Repeated attacks may allow the attacker to cause persistent Denial of Service conditions. WordPress version 2.8.3 is vulnerable; prior versions may also be affected.","http://archives.neohapsis.com/archives/fulldisclosure/2009-08/0114.html","http://blog.sucuri.net/2009/08/wordpress-2-8-3-remote-admin-reset-password.html","http://packetstormsecurity.org/files/view/80258/wordpress-adminreset.txt","http://secunia.com/advisories/36237","","CVE-2009-2762","CWE-255","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to WordPress version 2.8.4 or latest","08/10/2009"],
["WordPress 2.9.1 Trashed Posts Security Bypass Vulnerability","2.9","2.9.1","WordPress is prone to a security bypass vulnerability because it fails to properly restrict access to trashed posts. An attacker can exploit this vulnerability to perform otherwise restricted actions and subsequently view other authors' trashed posts, which may aid in launching further attacks. WordPress versions 2.9 and 2.9.1 are vulnerable.","http://www.securityfocus.com/bid/38368/exploit","http://www.exploit-db.com/exploits/11441/","http://packetstormsecurity.org/files/view/86274/wpurl-bypass.txt","http://secunia.com/advisories/38592/","https://wordpress.org/news/2010/02/wordpress-2-9-2/","CVE-2010-0682","CWE-264","AV:N/AC:L/Au:S/C:P/I:N/A:N/E:POC/RL:OF/RC:C","","Update to WordPress version 2.9.2 or latest","02/13/2010"],
["WordPress 'wp-admin/admin.php' Module Configuration Security Bypass Vulnerability","0.6.2","2.8","WordPress is prone to a security bypass vulnerability. Authenticated attackers may exploit this issue to gain access to configuration scripts, which may allow them to obtain sensitive information or elevate privileges; other attacks may also be possible. WordPress versions 2.8 and prior are vulnerable.","http://corelabs.coresecurity.com/index.php?action=view&type=advisory&name=WordPress_Privileges_Unchecked","http://www.exploit-db.com/exploits/9110/","http://www.securiteam.com/securitynews/5QP0E0KRQM.html","","","CVE-2009-2334","CWE-287","AV:N/AC:M/Au:S/C:P/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","Update to WordPress version 2.8.1 or latest","07/08/2009"],
["WordPress 2.3.3 Directory Traversal Vulnerability","0.6.2","2.3.3","WordPress is prone to a directory traversal vulnerability because it fails to sufficiently sanitize user-supplied input data. Exploiting the issue may allow an attacker to access sensitive information that could aid in further attacks. WordPress 2.3.3 is vulnerable; other versions may also be affected.","http://www.securityfocus.com/bid/28845/exploit","http://www.exploit-db.com/exploits/31670/","http://secunia.com/advisories/29949/","","","CVE-2008-4769","CWE-22","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","Update to WordPress version 2.5.1 or latest","04/18/2008"],
["WordPress 2.8.1 Comment Author URI Cross-Site Scripting Vulnerability","0.6.2","2.8.1","WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. WordPress versions prior to 2.8.2 are vulnerable.","http://www.exploit-db.com/exploits/9250/","http://packetstormsecurity.org/files/view/79605/wp281-xss.txt","http://www.securityfocus.com/bid/35797/exploit","http://secunia.com/advisories/35946/","https://wordpress.org/news/2009/07/wordpress-2-8-2/","CVE-2009-2851","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:F/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 2.8.2 or latest","07/21/2009"],
["WordPress 2.8.2 Multiple Security Bypass Vulnerabilities","2.0","2.8.2","WordPress is prone to multiple security bypass vulnerabilities. Authenticated attackers may exploit these issues to gain access to administrative functions, which may allow them to obtain sensitive information or elevate privileges; other attacks may also be possible. WordPress versions prior to 2.8.3 are vulnerable.","http://secunia.com/advisories/36146/","https://wordpress.org/news/2009/08/wordpress-2-8-3-security-release/","","","","CVE-2009-2853,CVE-2009-2854","CWE-264","AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C","","Update to WordPress version 2.8.3 or latest","08/04/2009"],
["WordPress 2.6.1 Lost Password SQL Column Truncation Unauthorized Access Vulnerability","0.71","2.6.1","WordPress is prone to an unauthorized access vulnerability. Successfully exploiting this issue will allow attackers to reset the password of arbitrary accounts. WordPress 2.6.1 is vulnerable; prior versions may also be affected.","http://www.suspekt.org/2008/08/18/mysql-and-sql-column-truncation-vulnerabilities/","http://www.exploit-db.com/exploits/6397/","http://www.exploit-db.com/exploits/6421/","http://packetstormsecurity.org/files/view/69821/wordpress261-admin.txt","","CVE-2008-4106,CVE-2008-4107","CWE-20","AV:N/AC:H/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C","","Update to WordPress version 2.6.2 or latest","08/24/2009"],
["WordPress 2.8 Multiple Existing/Non-Existing Username Enumeration Weaknesses","0.6.2","2.8","WordPress is prone to multiple username enumeration weaknesses because it displays different responses to requests depending on whether or not the username exists. Attackers may exploit these weaknesses to discern valid usernames, which may aid them in brute-force password cracking or other attacks. WordPress versions prior to 2.8.1 are vulnerable.","http://www.coresecurity.com/content/WordPress-Privileges-Unchecked","http://www.exploit-db.com/exploits/9110/","http://www.securityfocus.com/archive/1/504795","","","CVE-2009-2335,CVE-2009-2336","CWE-16","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C","","Update to WordPress version 2.8.1 or latest","07/08/2009"],
["WordPress 'cat' Parameter SQL Injection Vulnerability","1.5","1.5.1.1","WordPress is prone to an SQL injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. WordPress versions prior to 1.5.1.2 are vulnerable.","http://www.securityfocus.com/bid/13809/exploit","http://www.securityfocus.com/archive/1/401672","http://packetstormsecurity.org/files/view/38041/wordpressSQL.txt","http://secunia.com/advisories/15517","","CVE-2005-1810","CWE-89","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","Update to WordPress version 1.5.1.2 or latest","05/30/2005"],
["WordPress 'wp-admin/options.php' Remote Code Execution Vulnerability","0.6.2","2.3.2","WordPress is prone to a remote code execution vulnerability because it fails to sufficiently sanitize user-supplied input. Successful exploitation may allow attackers to execute arbitrary code with the privileges of the user running the application, to compromise the application or the underlying database, to access or modify data or to compromise a vulnerable system. WordPress versions prior to 2.3.3 are vulnerable.","http://www.securityfocus.com/bid/27633/exploit","http://www.exploit-db.com/exploits/5066/","http://www.buayacorp.com/files/wordpress/wp-blog-option-overwrite.txt","http://secunia.com/advisories/28789/","","CVE-2008-5695","CWE-20","AV:N/AC:M/Au:S/C:C/I:C/A:C/E:F/RL:OF/RC:C","","Update to WordPress version 2.3.3 or latest","02/05/2008"],
["WordPress 2.6.3 Cross-Site Scripting Vulnerability","0.6.2","2.6.3","WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. Note that this issue only affects IP-based virtual servers running on Apache 2.x. WordPress versions prior to 2.6.5 are vulnerable.","http://www.securityfocus.com/archive/1/498652","http://packetstormsecurity.org/files/view/72277/wordpressrss-xss.txt","http://secunia.com/advisories/32882/","https://wordpress.org/news/2008/11/wordpress-265/","","CVE-2008-5278","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 2.6.5 or latest","11/25/2008"],
["WordPress 'get_edit_post_link()' and 'get_edit_comment_link()' Multiple Eavesdropping Vulnerabilities","0.6.2","2.6","WordPress is prone to multiple eavesdropping vulnerabilities. Successfully exploiting these issues will allow attackers to obtain sensitive information and possibly to impersonate users and tamper with network data. WordPress versions prior to 2.6.1 are vulnerable.","http://core.trac.wordpress.org/ticket/7359","","","","","CVE-2008-3747","CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to WordPress version 2.6.1 or latest","08/19/2008"],
["WordPress 'press-this.php' Multiple Cross-Site Scripting Vulnerabilities","2.0","2.5.1","WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. WordPress versions prior to 2.6 are vulnerable.","https://core.trac.wordpress.org/ticket/7220","http://www.exploit-db.com/exploits/32053/","http://www.securityfocus.com/bid/30238/exploit","","","CVE-2008-3233","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 2.6 or latest","07/15/2008"],
["WordPress 2.3.2 Post Edit Unauthorized Access Vulnerability","0.7","2.3.2","WordPress is prone to an unauthorized access vulnerability. Attackers can exploit this issue to edit other users' posts. Successfully exploiting this issue may lead to other attacks. WordPress versions prior to 2.3.3 are vulnerable.","http://www.village-idiot.org/archives/2008/02/02/wordpress-232-exploit-confirmed/","http://www.securiteam.com/unixfocus/5HP010KNFK.html","http://secunia.com/advisories/28823/","https://wordpress.org/news/2008/02/wordpress-233/","","CVE-2008-0664","CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:N/E:POC/RL:OF/RC:C","","Update to WordPress version 2.3.3 or latest","02/07/2008"],
["WordPress Pingback Source URI Denial of Service and Information Disclosure Vulnerabilities","0.6.2","2.1.3","WordPress is prone to multiple vulnerabilities, including Denial of Service and information disclosure vulnerabilities. Attackers can exploit these issues to consume memory and bandwidth resources, thus denying service to legitimate users or to gain information that may aid in further attacks. WordPress versions prior to 2.1 are vulnerable.","http://www.securityfocus.com/bid/22220/exploit","http://www.securityfocus.com/archive/1/458003","http://core.trac.wordpress.org/attachment/ticket/4137/exploit.py","http://secunia.com/advisories/24951/","","CVE-2007-0540","CWE-200,CWE-400","AV:N/AC:L/Au:N/C:P/I:N/A:P/E:F/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","Update to WordPress version 3.6 or latest","01/24/2007"],
["WordPress 2.5 Cookie Integrity Protection Unauthorized Access Vulnerability","0.6.2","2.5","WordPress is prone to a vulnerability that allows an attacker to gain unauthorized access to the affected application. An attacker can exploit this issue to gain administrative access to the application, which can result in total compromise of the affected application. WordPress versions prior to 2.5.1 are vulnerable.","http://www.cl.cam.ac.uk/~sjm217/advisories/wordpress-cookie-integrity.txt","http://www.securityfocus.com/archive/1/491356","http://core.trac.wordpress.org/ticket/5367","http://secunia.com/advisories/29965/","","CVE-2008-1930","CWE-287","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","Update to WordPress version 2.5.1 or latest","04/25/2008"],
["WordPress 'wp-db.php' Character Set SQL Injection Vulnerability","2.0","2.3.1","WordPress is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress version 2.3.1 is vulnerable; other versions may also be affected.","http://www.abelcheung.org/advisory/20071210-wordpress-charset.txt","http://www.securityfocus.com/archive/1/484828","http://www.exploit-db.com/exploits/4721/","http://secunia.com/advisories/28005/","","CVE-2007-6318","CWE-89","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","Update to WordPress version 2.5 or latest","12/10/2007"],
["WordPress 'admin-ajax.php' SQL Injection Vulnerability","2.1.3","2.1.3","WordPress is prone to an SQL injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. WordPress version 2.1.3 is vulnerable; other versions may also be affected.","http://www.waraxe.us/advisory-50.html","http://www.exploit-db.com/exploits/3960/","http://packetstormsecurity.org/files/view/56875/wp213-ajax.txt","http://secunia.com/advisories/25345/","","CVE-2007-2821","CWE-89","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:UR","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","Update to WordPress version 2.2 or latest","05/21/2007"],
["WordPress Multiple Cross-Site Scripting Vulnerabilities","2.0.11","2.3","WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. WordPress version 2.3 is vulnerable; other versions may also be affected.","http://www.securityfocus.com/bid/27123/exploit","http://securityvulns.ru/Sdocument714.html","http://websecurity.com.ua/1658/","http://websecurity.com.ua/1676/","","CVE-2008-0193","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:UR","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress latest version","01/03/2008"],
["WordPress 2.3.1 Unauthorized Post Access Vulnerability","2.3.1","2.3.1","WordPress is prone to a security bypass vulnerability. Exploiting this issue could allow an attacker to perform otherwise restricted actions and subsequently read draft posts before they have been published. WordPress version 2.3.1 is vulnerable; prior versions may also be affected.","https://core.trac.wordpress.org/ticket/5487","http://www.securityfocus.com/archive/1/485160","http://secunia.com/advisories/28130/","https://wordpress.org/news/2007/12/wordpress-232/","","","CWE-264","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:C","","Update to WordPress version 2.3.2 or latest","12/15/2007"],
["WordPress 2.3 Cross-Site Scripting Vulnerability","2.3","2.3","WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. WordPress version 2.3 is vulnerable.","http://www.waraxe.us/advisory-59.html","http://www.securityfocus.com/archive/1/482905","http://packetstormsecurity.org/files/view/60477/waraxe-2007-SA059.txt","http://secunia.com/advisories/27407/","https://wordpress.org/news/2007/10/wordpress-231/","CVE-2007-5710","CWE-79","AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 2.3.1 or latest","10/29/2007"],
["WordPress 'wp-register.php' Multiple Cross-Site Scripting Vulnerabilities","2.0","2.0.1","WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. WordPress version 2.0.1 is vulnerable; other versions may also be affected.","http://www.intelligentexploit.com/view-details.html?id=11613","http://securityreason.com/securityalert/3175","http://blogsecurity.net/wordpress/2-vanilla-xss-on-wordpress-wp-registerphp","http://www.securityfocus.com/bid/25769/exploit","","CVE-2007-5105,CVE-2007-5106","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:UR","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 2.0.4 or latest","09/22/2007"],
["WordPress 2.1.1 Cross-Site Scripting Vulnerability","2.1.1","2.1.1","WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks. WordPress version 2.1.1 is vulnerable; other versions may also be affected.","http://www.scip.ch/publikationen/advisories/scip_advisory-2962_wordpress_2.1.1_multiple_script_injection_vulnerabilities.txt","http://www.securityfocus.com/archive/1/461440","http://packetstormsecurity.org/files/view/54793/wp211-csrfxss.txt","http://secunia.com/advisories/24316/","","CVE-2007-1244","CWE-79","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 2.1.2 or latest","02/26/2007"],
["WordPress 'templates.php' Cross-Site Scripting Vulnerability","0.6.2","2.1","WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks. WordPress version 2.1 is vulnerable; prior versions may also be affected.","http://www.securityfocus.com/bid/22534/exploit","https://secunia.com/advisories/24306/","","","","CVE-2007-1049","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 2.1.1 or latest","02/12/2007"],
["WordPress 2.1.1 Command Execution Backdoor Vulnerability","2.1.1","2.1.1","An attacker compromised the source code for WordPress 2.1.1 and altered it to include a malicious backdoor. This backdoor introduces a code execution vulnerability that will let remote users inject PHP code or execute operating system commands. The vendor has acknowledged this vulnerability and recommends that all users who have installed version 2.1.1 upgrade to version 2.1.2 or later. This issue appears limited to the 2.1.1 release.","http://ifsec.blogspot.ro/2007/03/wordpress-code-compromised-to-enable.html","http://www.securityfocus.com/archive/1/461794","http://secunia.com/advisories/24374/","https://wordpress.org/news/2007/03/upgrade-212/","","CVE-2007-1277","CWE-94","AV:N/AC:L/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","Update to WordPress version 2.1.2 or latest","03/02/2007"],
["WordPress 2.0.5 Charset Decoding SQL Injection Vulnerability","0.6.2","2.0.5","WordPress is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. WordPress versions 2.0.5 and prior are vulnerable.","http://www.securityfocus.com/bid/21907/exploit","http://www.exploit-db.com/exploits/3095/","http://www.hardened-php.net/advisory_022007.141.html","http://secunia.com/advisories/23595/","https://wordpress.org/news/2007/01/wordpress-206/","CVE-2007-0107","CWE-89","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","Update to WordPress version 2.0.6 or latest","01/06/2007"],
["WordPress 2.0.5 Cross-Site Scripting Vulnerability","0.6.2","2.0.5","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress versions prior to 2.0.6 are vulnerable.","http://www.securityfocus.com/bid/21782/exploit","http://packetstormsecurity.org/files/view/53299/wp205-xss.txt","http://www.securiteam.com/unixfocus/6I00L20HPM.html","http://secunia.com/advisories/23587/","","CVE-2006-6808","CWE-79","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 2.0.6 or latest","12/27/2006"],
["WordPress 2.0.6 'Zend_Hash_Del_Key_Or_Index' SQL Injection Vulnerability","0.6.2","2.0.6","WordPress is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. Successful exploits may result in unauthorized access. WordPress versions 2.0.6 and prior are vulnerable.","http://www.securityfocus.com/bid/21983/exploit","http://www.exploit-db.com/exploits/3109/","https://wordpress.org/news/2007/01/wordpress-207/","","","CVE-2007-0233","CWE-89","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","Update to WordPress version 2.0.7 or latest","01/10/2007"],
["WordPress 2.0.5 Invalid CSRF Token Cross-Site Scripting Vulnerability","0.6.2","2.0.5","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress versions prior to 2.0.6 are vulnerable.","http://www.hardened-php.net/advisory_012007.140.html","http://www.securityfocus.com/archive/1/456048","http://secunia.com/advisories/23595/","","","CVE-2007-0106","CWE-79","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 2.0.6 or latest","11/28/2006"],
["WordPress 'index.php' Cross-Site Scripting Vulnerability","1.5","1.5","WordPress is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to have arbitrary script code execute in the browser of an unsuspecting user. This may help the attacker steal cookie-based authentication credentials and launch other attacks. WordPress version 1.5 is vulnerable.","http://archives.neohapsis.com/archives/bugtraq/2005-05/0251.html","http://www.securityfocus.com/bid/21318/exploit","","","","","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 1.5.1 or latest","11/28/2006"],
["WordPress 2.0.4 Multiple Security Vulnerabilities","2.0.4","2.0.4","WordPress is prone to multiple vulnerabilities, including directory traversal, security bypass and Denial of Service vulnerabilities. Exploiting these issues can allow an attacker to obtain sensitive information that could aid in launching further attacks, to perform otherwise restricted actions and subsequently list certain metadata information of other users or to cause a Denial of Service (application crash), thus denying service to legitimate users. WordPress version 2.0.4 is vulnerable.","http://core.trac.wordpress.org/ticket/2591","http://core.trac.wordpress.org/ticket/3142","http://secunia.com/advisories/22683/","","","CVE-2006-5705,CVE-2006-6016,CVE-2006-6017","CWE-22,CWE-264,CWE-400","AV:N/AC:M/Au:S/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to WordPress version 2.0.5 or latest","11/02/2006"],
["WordPress 'paged' Parameter SQL Injection Vulnerability","2.0.2","2.0.5","WordPress is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. WordPress version 2.0.5 is vulnerable; other versions may also be affected.","http://www.securityfocus.com/archive/1/438942","http://www.securityfocus.com/archive/1/445374","http://secunia.com/advisories/20928/","","","CVE-2006-3389","CWE-89","AV:N/AC:L/Au:N/C:P/I:N/A:N/E:POC/RL:OF/RC:UR","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","Update to WordPress version 2.1 or latest","07/03/2006"],
["WordPress 2.0.3 Multiple Unspecified Security Vulnerabilities","2.0","2.0.3","WordPress is prone to multiple unspecified security vulnerabilities. Very little information is available on this issue. One of these issues is related to plugins and may allow a remote user to bypass security restrictions. The impact of this will depend on the configuration of WordPress but may permit the execution of arbitrary PHP code. WordPress versions prior to 2.0.4 are vulnerable.","http://secunia.com/advisories/21309/","https://wordpress.org/news/2006/07/wordpress-204/","","","","CVE-2006-4028","CWE-264","AV:N/AC:L/Au:N/C:C/I:C/A:C/E:H/RL:OF/RC:C","","Update to WordPress version 2.0.4 or latest","07/31/2006"],
["WordPress 2.0.2 Username Remote PHP Code Injection Vulnerability","0.6.2","2.0.2","WordPress is prone to a remote PHP code injection vulnerability because it fails to properly sanitize user-supplied input. Successful exploitation may allow attackers to execute arbitrary code with the privileges of the user running the application, to compromise the application or the underlying database, to access or modify data or to compromise a vulnerable system. For a successful exploit of this issue, the MySQL password used in the application must be either blank or trivial to guess. WordPress versions prior to 2.0.3 are vulnerable.","http://retrogod.altervista.org/wordpress_202_xpl.html","http://www.securityfocus.com/bid/18372/exploit","http://packetstormsecurity.org/files/view/46738/WordPress-2.0.2.txt","http://secunia.com/advisories/20271/","https://wordpress.org/news/2006/06/wordpress-203/","CVE-2006-2667,CVE-2006-2702","CWE-94","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","Update to WordPress version 2.0.3 or latest","06/12/2006"],
["WordPress User-Agent SQL Injection Vulnerability","1.5.2","1.5.2","WordPress is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Successful exploitation could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. WordPress version 1.5.2 is vulnerable; prior versions may also be affected.","http://bugs.gentoo.org/show_bug.cgi?id=121661","http://secunia.com/advisories/19109/","","","","CVE-2006-1012","CWE-89","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","Update to WordPress version 2.0 or latest","03/04/2006"],
["WordPress Multiple Cross-Site Scripting Vulnerabilities","2.0","2.0.1","WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress version 2.0.1 is vulnerable; other versions may also be affected.","http://www.securityfocus.com/archive/1/426304","http://packetstormsecurity.org/files/view/44325/Advisory-17.txt","https://core.trac.wordpress.org/ticket/1686","http://secunia.com/advisories/19050/","","CVE-2006-0985,CVE-2006-1796","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 2.0.2 or latest","02/28/2006"],
["WordPress Comment Post Cross-Site Scripting Vulnerability","2.0","2.0","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress version 2.0 is vulnerable; other versions may also be affected.","http://www.securityfocus.com/archive/1/425043","http://packetstormsecurity.org/files/view/43938/WordPress2.0.0-autorswebsite.txt","","","","CVE-2006-0733","CWE-79","AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:UR","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 2.0.1 or latest","02/15/2006"],
["WordPress Cookie Data PHP Code Injection Vulnerability","1.5","1.5.1.3","WordPress is prone to a vulnerability that lets remote attackers inject and execute arbitrary code because the application fails to sanitize user-supplied input. Attackers can exploit this issue to execute arbitrary code within the context of the affected webserver process; this may result in total compromise of the web server. WordPress versions prior to 1.5.2 are vulnerable.","http://www.securityfocus.com/bid/14533/exploit","http://archives.neohapsis.com/archives/fulldisclosure/2005-08/0234.html","http://secunia.com/advisories/16386/","","","CVE-2005-2612","CWE-94","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","Update to WordPress version 1.5.2 or latest","08/10/2005"],
["WordPress 'wp-trackback.php' SQL Injection Vulnerability","1.5","1.5","WordPress is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress version 1.5 is vulnerable.","http://www.securityfocus.com/bid/13655/exploit","http://archives.neohapsis.com/archives/bugtraq/2005-05/0251.html","http://packetstormsecurity.org/files/view/39288/wordpress15sql.txt","http://secunia.com/advisories/15324/","","CVE-2005-1687","CWE-89","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","Update to WordPress version 1.5.1 or latest","05/17/2005"],
["WordPress 'post.php' Cross-Site Scripting Vulnerability","1.5","1.5","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress version 1.5 is vulnerable.","http://www.securityfocus.com/bid/13663/exploit","http://archives.neohapsis.com/archives/bugtraq/2005-05/0251.html","http://packetstormsecurity.org/files/view/39288/wordpress15sql.txt","","","","CWE-79","AV:N/AC:M/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 1.5.1 or latest","05/17/2005"],
["WordPress 'edit.php' Cross-Site Scripting Vulnerability","1.5","1.5","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress version 1.5 is vulnerable.","http://www.securityfocus.com/bid/13664/exploit","http://archives.neohapsis.com/archives/bugtraq/2005-05/0251.html","http://packetstormsecurity.org/files/view/39288/wordpress15sql.txt","","","","CWE-79","AV:N/AC:M/Au:S/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 1.5.1 or latest","05/17/2005"],
["WordPress Multiple Cross-Site Scripting and SQL Injection Vulnerabilities","1.2.1","1.2.2","WordPress is prone to multiple cross-site scripting and SQL injection vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to steal cookie-based authentication credentials, to compromise the application, access or modify data or to exploit vulnerabilities in the underlying database. It is reported that WordPress version 1.2.2 does not address all the vulnerabilities and it is still vulnerable to some cross-site scripting and SQL injection issues.","http://www.securityfocus.com/bid/12066/exploit","http://www.securityfocus.com/archive/1/385042","http://www.securityfocus.com/bid/11984/exploit","http://www.securityfocus.com/archive/1/384659","http://archives.neohapsis.com/archives/bugtraq/2004-12/0194.html","","CWE-79,CWE-89","AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","Update to WordPress version 1.5.1 or latest","12/21/2004"],
["WordPress 'wp-login.php' HTTP Response Splitting Vulnerability","1.2","1.2","WordPress is prone to an HTTP response splitting vulnerability. The issue presents itself due to a flaw in the affected script that allows an attacker to manipulate how GET requests are handled. A remote attacker may exploit this vulnerability to influence or misrepresent how web content is served, cached or interpreted. This could aid in various attacks, which try to entice client users into a false sense of trust. WordPress version 1.2 is vulnerable.","http://www.securityfocus.com/bid/11348/exploit","http://www.securityfocus.com/archive/1/377770","http://packetstormsecurity.org/files/view/34611/wordpress12split.txt","http://secunia.com/advisories/12773/","","CVE-2004-1584","CWE-113","AV:N/AC:L/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:L/I:L/A:N","Update to WordPress version 1.2.1 or latest","10/07/2004"],
["WordPress Multiple Cross-Site Scripting Vulnerabilities","1.2","1.2.1","WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress version 1.2.1 is vulnerable; other versions may also be affected.","http://www.securityfocus.com/bid/11268/exploit","http://www.securityfocus.com/archive/1/376766","http://packetstormsecurity.org/files/view/34516/wordpress12.txt","","","","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 1.5.1 or latest","09/28/2004"],
["WordPress 'blog.header.php' Multiple SQL Injection Vulnerabilities","0.6.2","0.71","WordPress is prone to multiple SQL injection vulnerabilities because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress versions prior to 0.72 are vulnerable.","http://www.securityfocus.com/bid/8756/exploit","http://www.securityfocus.com/archive/1/340113","http://archives.neohapsis.com/archives/bugtraq/2003-10/0032.html","http://secunia.com/advisories/9937/","","","CWE-89","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","Update to WordPress version 0.72 or latest","10/03/2003"],
["WordPress 0.7 Posts SQL Injection Vulnerability","0.7","0.7","WordPress is prone to an SQL injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation. WordPress version 0.7 is vulnerable; other versions may also be affected.","http://www.kernelpanik.org/docs/kernelpanik/wordpressadv.txt","http://secunia.com/advisories/8954/","","","","CVE-2003-1598","CWE-89","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","Update to WordPress version 0.71 or latest","06/02/2003"],
["WordPress 3.1 Multiple Vulnerabilities","0.7","3.1","WordPress is prone to multiple security vulnerabilities because it fails to properly sanitize user-supplied input. Attackers can exploit these issues to perform unauthorized actions in the context of the logged-in user, crash the affected application and therefore deny service to legitimate users, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may let the attacker steal cookie-based authentication credentials or launch other attacks. WordPress versions prior to 3.1.1 are vulnerable.","https://core.trac.wordpress.org/ticket/16892","http://secunia.com/advisories/44038/","","","","CVE-2011-4956,CVE-2011-4957","CWE-79,CWE-352,CWE-400","AV:N/AC:L/Au:N/C:N/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","Update to WordPress version 3.1.1 or latest","04/05/2011"],
["WordPress 3.0.4 Multiple Vulnerabilities","0.6.2","3.0.4","WordPress is prone to multiple vulnerabilities, including cross-site scripting and information disclosure vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials, or to obtain potentially sensitive information that may aid in other attacks. WordPress versions prior to 3.0.5 are vulnerable.","http://packetstormsecurity.org/files/view/97166/wordpress304-xss.txt","http://packetstormsecurity.org/files/view/97152/wordpress303-xss.txt","http://secunia.com/advisories/43238/","https://wordpress.org/news/2011/02/wordpress-3-0-5/","","CVE-2011-0700,CVE-2011-0701","CWE-79,CWE-200","AV:N/AC:L/Au:S/C:P/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N","Update to WordPress version 3.0.5 or latest","02/07/2011"],
["WordPress 3.0.3 KSES Library Cross-Site Scripting Vulnerability","0.6.2","3.0.3","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress versions prior to 3.0.4 are vulnerable.","http://www.sneaked.net/persistent-xss-vulnerability-wordpress-303-ksesphp","http://secunia.com/advisories/42755/","https://wordpress.org/news/2010/12/3-0-4-update/","","","CVE-2010-4536","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 3.0.4 or latest","12/30/2010"],
["WordPress 2.2 Cross-Site Scripting Vulnerability","2.2","2.2","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress version 2.2 is vulnerable.","http://www.securityfocus.com/archive/1/archive/1/470837/100/0/threaded","http://archives.neohapsis.com/archives/bugtraq/2007-06/0113.html","http://secunia.com/advisories/25541/","","","CVE-2007-3238","CWE-79","AV:N/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 2.2.2 or latest","08/01/2007"],
["WordPress MU 'wp-includes/wpmu-functions.php' Cross-Site Scripting Vulnerability","1.0","2.6","WordPress MU is prone to a cross-site scripting vulnerability because the application fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may help the attacker steal cookie-based authentication credentials and launch other attacks. WordPress MU versions prior to 2.7 are vulnerable.","http://www.exploit-db.com/exploits/8196/","http://www.securityfocus.com/archive/1/501667","http://packetstormsecurity.org/files/view/75622/wordpressmuhost-xss.txt","","","CVE-2009-1030","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress MU version 2.7 or latest","03/10/2009"],
["WordPress MU 'wp-admin/wpmu-blogs.php' Multiple Cross-Site Scripting Vulnerabilities","1.0","2.5.1","WordPress MU is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. WordPress MU versions prior to 2.6 are vulnerable.","http://www.exploit-db.com/exploits/32444/","http://www.securityfocus.com/archive/1/496852","http://packetstormsecurity.org/files/view/70500/wordpressmu-xss.txt","http://secunia.com/advisories/32060/","","CVE-2008-4671","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress MU version 2.6 or latest","09/29/2008"],
["WordPress 'press-this.php' Remote Security Bypass Vulnerability","0.7","3.1.1","WordPress is prone to a security bypass vulnerability because the application fails to properly perform user-profile checks. Exploiting this issue could allow an attacker to perform otherwise restricted actions and subsequently publish posts under certain circumstances. Note that successful exploitation requires 'Contributor-level' privileges. WordPress versions prior to 3.1.2 are vulnerable.","http://core.trac.wordpress.org/changeset/17710","http://secunia.com/advisories/44372/","","","","CVE-2011-5270","CWE-264","AV:N/AC:L/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to WordPress version 3.0.6, 3.1.2 or latest","04/27/2011"],
["WordPress 3.1.2 Multiple Vulnerabilities","3.0.1","3.1.2","WordPress is prone to multiple vulnerabilities, including arbitrary file upload, information disclosure, clickjacking and possibly SQL injection. Exploiting these issues may allow an attacker to upload arbitrary code and run it in the context of the webserver process, which may facilitate unauthorized access or privilege escalation, to obtain sensitive information that may help in launching further attacks or to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress versions prior to 3.1.3 are vulnerable.","http://www.securityfocus.com/bid/47995/exploit","http://www.morningstarsecurity.com/downloads/advisories/Security-Assessment.com%20WordPress%20v3.1.2%20Clickjacking%20Advisory.txt","https://wordpress.org/news/2011/05/wordpress-3-1-3/","","","CVE-2011-3122,CVE-2011-3125,CVE-2011-3126,CVE-2011-3127,CVE-2011-3128,CVE-2011-3129,CVE-2011-3130","CWE-89,CWE-200,CWE-264,CWE-693","AV:N/AC:M/Au:N/C:C/I:C/A:C/E:POC/RL:OF/RC:C","","Update to WordPress version 3.1.3 or latest","05/26/2011"],
["WordPress 2.8.4 Denial of Service Vulnerability","0.6.2","2.8.4","WordPress is prone to a vulnerability which can be exploited by malicious people to cause a Denial of Service. The vulnerability is caused due to the 'wp-trackback.php' script letting users pass multiple source character encodings to the \"mb_convert_encoding()\" function, which can be used to cause a high CPU load, potentially resulting in a DoS, thus denying service to legitimate users. WordPress versions prior to 2.8.5 are vulnerable.","http://rooibo.wordpress.com/2009/10/17/agujero-de-seguridad-en-wordpress/","http://wordpress.org/news/2009/10/wordpress-2-8-5-hardening-release/","","","","CVE-2009-3622","CWE-310","AV:N/AC:M/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","Update to WordPress version 2.8.5 or latest","10/17/2009"],
["WordPress Cookies Security Bypass Weakness","1.5","2.3.1","A weakness has been discovered in WordPress, which can be exploited by malicious people to bypass certain security restrictions. The weakness is caused due to the fact that it is possible to construct the two authentication cookies (\"wordpressuser_*\" and \"wordpresspass_*\") from the data in the \"users\" table. Successful exploitation allows e.g. logging in as administrator, but requires read access to the \"users\" table of the database. The weakness is confirmed in version 2.3.1 and reported in all previous versions down to and including 1.5.","http://www.securityfocus.com/archive/1/483927","http://core.trac.wordpress.org/ticket/5367","http://packetstormsecurity.org/files/view/61150/wordpress-cookie-auth.txt","","","CVE-2007-6013","CWE-287","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N","Update to WordPress version 2.5 or latest","11/21/2007"],
["WordPress 3.1.3 Multiple SQL Injection Vulnerabilities","3.1","3.1.3","WordPress is prone to multiple SQL injection vulnerabilities because it fails to sufficiently sanitize user supplied data before using it in an SQL query. Exploiting these issues could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress versions prior to 3.1.4 are vulnerable.","https://www.sec-consult.com/fxdata/seccons/prod/temedia/advisories_txt/20110621-0_wordpress_multiple_sqli.txt","http://www.exploit-db.com/exploits/17465/","http://wordpress.org/news/2011/06/wordpress-3-1-4/","","","","CWE-89","AV:N/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","Update to WordPress version 3.1.4 or latest","06/21/2011"],
["WordPress 1.5.1.2 Multiple Vulnerabilities","1.0","1.5.1.2","WordPress is prone to multiple vulnerabilities, including cross-site scripting, SQL injection, forgotten password and information disclosure vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, to steal cookie-based authentication credentials, to manipulate mail messages, to obtain sensitive information or to compromise the application, access or modify data or to exploit vulnerabilities in the underlying database. WordPress versions prior to 1.5.1.3 are affected.","http://www.gulftech.org/advisories/WordPress%20Multiple%20Vulnerabilities/78","http://www.securityfocus.com/archive/1/403699","http://packetstormsecurity.org/files/view/38369/wordpress1512.txt","https://wordpress.org/news/2005/06/wordpress-1513/","","CVE-2005-2107,CVE-2005-2108,CVE-2005-2109,CVE-2005-2110","CWE-79,CWE-89,CWE-200,CWE-702","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to WordPress version 1.5.1.3 or latest","06/29/2005"],
["WordPress 'comment_post_ID' Parameter SQL Injection Vulnerability","3.0.4","3.0.4","WordPress is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. Exploiting this issue could allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation. WordPress version 3.0.4 is vulnerable; other versions may also be affected.","http://packetstormsecurity.org/files/view/104989/wp304-sql.txt","","","","","","CWE-89","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:UR","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","Update to WordPress latest version","09/12/2011"],
["WordPress Clickjacking Vulnerability","0.7","3.1.2","WordPress is prone to a clickjacking vulnerability. Successful exploits will allow an attacker to compromise the affected application or obtain sensitive information; other attacks are also possible. WordPress versions prior to 3.1.3 are vulnerable.","http://packetstormsecurity.org/files/view/105293/wordpress-clickjack.zip","https://core.trac.wordpress.org/ticket/12293","","","","CVE-2011-3127","CWE-693","AV:N/AC:M/Au:N/C:P/I:P/A:N/E:POC/RL:OF/RC:C","","Update to WordPress version 3.1.3 or latest","09/22/2011"],
["WordPress 2.0.1 Denial of Service Vulnerability","0.6.2","2.0.1","WordPress is prone to a vulnerability which can be exploited by malicious people to cause a Denial of Service. The vulnerability is caused due to the 'wp-register.php' script against which attackers can trigger repeated registration to cause a high CPU load, potentially resulting in a Denial of Service. WordPress versions 2.0.1 and prior are all vulnerable.","http://www.securityfocus.com/archive/1/427152/30/0/threaded","http://packetstormsecurity.org/files/44497/HYSA-2006-005.txt","http://www.securiteam.com/exploits/5NP062KI0C.html","","","","CWE-400","AV:N/AC:L/Au:N/C:N/I:N/A:P/E:F/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:N/A:H","Update to WordPress version 2.0.2 or latest","03/08/2006"],
["WordPress 3.3 Cross-Site Scripting Vulnerability","3.3","3.3","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress version 3.3 is vulnerable.","http://oldmanlab.blogspot.ro/2012/01/wordpress-33-xss-vulnerability.html","http://secunia.com/advisories/47371/","https://wordpress.org/news/2012/01/wordpress-3-3-1/","","","CVE-2012-0287","CWE-79","AV:N/AC:H/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 3.3.1 or latest","01/02/2012"],
["WordPress Anti-CSRF Token Security Bypass Weakness","3.3.1","3.3.1","WordPress is prone to a security bypass weakness because of a design error in the implementation of anti-CSRF token security feature. An attacker may exploit this issue to bypass anti-CSRF token security protections and perform cross-site request forgery attacks to perform unauthorized actions in the context of a victim's session. This may aid in other attacks. Successful exploitation requires that the attacker must know the anti-CSRF token of the victim within 12 hours by means of other attacks. WordPress version 3.3.1 is vulnerable; other versions may also be affected.","http://www.webapp-security.com/wp-content/uploads/2012/04/Wordpress-3.3.1-Multiple-CSRF-Vulnerabilities6.txt","http://www.exploit-db.com/exploits/18791/","http://packetstormsecurity.org/files/112253/WordPress-3.3.1-Cross-Site-Request-Forgery.html","","","CVE-2012-1936","CWE-352","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:L/A:N","Update to WordPress latest version","04/27/2012"],
["WordPress 'swfupload.swf' Cross-Site Scripting Vulnerability","2.5","3.3.1","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress versions prior to 3.3.2 are vulnerable.","http://seclists.org/fulldisclosure/2012/Nov/51","http://packetstormsecurity.org/files/118009/wpswfupload-xss.txt","","","","CVE-2012-3414","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 3.3.2 or latest","11/09/2012"],
["WordPress 3.5 Multiple Vulnerabilities","1.5","3.5","WordPress is prone to multiple vulnerabilities, including cross-site scripting, remote port scanning using pingbacks and server-side request forgery vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials or launch other attacks or to make the vulnerable server perform authentication requests to a remote or internal network database which could potentially be used to expose information and compromise a site. WordPress versions prior to 3.5.1 are vulnerable.","http://www.ethicalhack3r.co.uk/introduction-to-the-wordpress-xml-rpc-api/","http://www.acunetix.com/blog/web-security-zone/wordpress-pingback-vulnerability/","http://lab.onsec.ru/2013/01/wordpress-xmlrpc-pingback-additional.html","https://github.com/wpscanteam/wpscan/wiki/WordPress-3.5-Issues","http://wordpress.org/news/2013/01/wordpress-3-5-1/","CVE-2013-0235,CVE-2013-0236,CVE-2013-0237","CWE-79,CWE-918","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H","Update to WordPress version 3.5.1 or latest","01/24/2013"],
["WordPress 4.0 Multiple Vulnerabilities","4.0","4.0","WordPress is prone to multiple vulnerabilities, including cross-site scripting, cross-site request forgery, server-side request forgery and Denial of Service vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to perform certain administrative actions and gain unauthorized access to the affected application, to make the vulnerable server perform authentication requests to a remote or internal network database which could potentially be used to expose information and compromise a site or to consume memory and CPU resources, denying service to legitimate users. WordPress version 4.0 is vulnerable.","http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","http://www.behindthefirewalls.com/2014/12/cve-2014-9016-and-cve-2014-9034-PoC.html","http://secureli.com/wp-content/uploads/2014/11/secureli.com-wordpressed.php_.txt","http://www.exploit-db.com/exploits/35414/","https://github.com/c0r3dump3d/wp_drupal_timing_attack","CVE-2014-9032,CVE-2014-9033,CVE-2014-9034,CVE-2014-9035,CVE-2014-9036,CVE-2014-9037,CVE-2014-9038,CVE-2014-9039","CWE-19,CWE-79,CWE-310,CWE-352,CWE-918","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to WordPress version 4.0.1 or latest","12/19/2014"],
["WordPress 3.9.2 Multiple Vulnerabilities","3.9","3.9.2","WordPress is prone to multiple vulnerabilities, including cross-site scripting, cross-site request forgery, server-side request forgery and Denial of Service vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to perform certain administrative actions and gain unauthorized access to the affected application, to make the vulnerable server perform authentication requests to a remote or internal network database which could potentially be used to expose information and compromise a site or to consume memory and CPU resources, denying service to legitimate users. WordPress versions prior to 3.9.3 are vulnerable.","http://klikki.fi/adv/wordpress.html","http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","http://www.behindthefirewalls.com/2014/12/cve-2014-9016-and-cve-2014-9034-PoC.html","http://secureli.com/wp-content/uploads/2014/11/secureli.com-wordpressed.php_.txt","http://www.exploit-db.com/exploits/35414/","CVE-2014-9031,CVE-2014-9032,CVE-2014-9033,CVE-2014-9034,CVE-2014-9035,CVE-2014-9036,CVE-2014-9037,CVE-2014-9038,CVE-2014-9039","CWE-19,CWE-79,CWE-310,CWE-352,CWE-918","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to WordPress version 3.9.3 or latest","12/19/2014"],
["WordPress 3.8.4 Multiple Vulnerabilities","3.8","3.8.4","WordPress is prone to multiple vulnerabilities, including cross-site scripting, cross-site request forgery, server-side request forgery and Denial of Service vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to perform certain administrative actions and gain unauthorized access to the affected application, to make the vulnerable server perform authentication requests to a remote or internal network database which could potentially be used to expose information and compromise a site or to consume memory and CPU resources, denying service to legitimate users. WordPress versions prior to 3.8.5 are vulnerable.","http://klikki.fi/adv/wordpress.html","http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","http://www.behindthefirewalls.com/2014/12/cve-2014-9016-and-cve-2014-9034-PoC.html","http://secureli.com/wp-content/uploads/2014/11/secureli.com-wordpressed.php_.txt","http://www.exploit-db.com/exploits/35414/","CVE-2014-9031,CVE-2014-9032,CVE-2014-9033,CVE-2014-9034,CVE-2014-9035,CVE-2014-9036,CVE-2014-9037,CVE-2014-9038,CVE-2014-9039","CWE-19,CWE-79,CWE-310,CWE-352,CWE-918","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to WordPress version 3.8.5 or latest","12/19/2014"],
["WordPress 3.7.4 Multiple Vulnerabilities","3.7","3.7.4","WordPress is prone to multiple vulnerabilities, including cross-site scripting, cross-site request forgery, server-side request forgery and Denial of Service vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to perform certain administrative actions and gain unauthorized access to the affected application, to make the vulnerable server perform authentication requests to a remote or internal network database which could potentially be used to expose information and compromise a site or to consume memory and CPU resources, denying service to legitimate users. WordPress versions prior to 3.7.5 are vulnerable.","http://klikki.fi/adv/wordpress.html","http://www.behindthefirewalls.com/2014/11/wordpress-denial-of-service-responsible-disclosure.html","http://www.behindthefirewalls.com/2014/12/cve-2014-9016-and-cve-2014-9034-PoC.html","http://secureli.com/wp-content/uploads/2014/11/secureli.com-wordpressed.php_.txt","http://www.exploit-db.com/exploits/35414/","CVE-2014-9031,CVE-2014-9032,CVE-2014-9033,CVE-2014-9034,CVE-2014-9035,CVE-2014-9036,CVE-2014-9037,CVE-2014-9038,CVE-2014-9039","CWE-19,CWE-79,CWE-310,CWE-352,CWE-918","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to WordPress version 3.7.5 or latest","12/19/2014"],
["WordPress 3.9.1 Multiple Vulnerabilities","3.9","3.9.1","WordPress is prone to multiple vulnerabilities, including cross-site scripting, remote code execution, information disclosure and Denial of Service vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to execute arbitrary code with the privileges of the user running the application, to compromise the application or the underlying database, to access or modify data, to compromise a vulnerable system, to obtain sensitive information or to consume memory and CPU resources, denying service to legitimate users. WordPress versions prior to 3.9.2 are vulnerable.","http://www.breaksec.com/?p=6362","http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html","https://wordpress.org/news/2014/08/wordpress-3-9-2/","","","CVE-2014-5203,CVE-2014-5204,CVE-2014-5205,CVE-2014-5240,CVE-2014-5265,CVE-2014-5266","CWE-79,CWE-94,CWE-352,CWE-399,CWE-611","AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to WordPress version 3.9.2 or latest","12/19/2014"],
["WordPress 3.8.3 Multiple Vulnerabilities","3.8","3.8.3","WordPress is prone to multiple vulnerabilities, including cross-site scripting, information disclosure and Denial of Service vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to obtain sensitive information or to consume memory and CPU resources, denying service to legitimate users. WordPress versions prior to 3.8.4 are vulnerable.","http://www.breaksec.com/?p=6362","http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html","http://codex.wordpress.org/Version_3.8.4","","","CVE-2014-5204,CVE-2014-5205,CVE-2014-5240,CVE-2014-5265,CVE-2014-5266","CWE-79,CWE-352,CWE-399,CWE-611","AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to WordPress version 3.8.4 or latest","12/19/2014"],
["WordPress 3.8.1 Multiple Vulnerabilities","3.8","3.8.1","WordPress is prone to multiple vulnerabilities, including authentication cookie forgery, security bypass and SQL injection vulnerabilities. Exploiting these issues could allow an attacker to gain access to the website, to perform otherwise restricted actions and subsequently publish posts or to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress versions prior to 3.8.2 are vulnerable.","https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165","https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/","https://github.com/Ettack/POC-CVE-2014-0166","https://wordpress.org/news/2014/04/wordpress-3-8-2/","","CVE-2014-0165,CVE-2014-0166","CWE-89,CWE-264,CWE-287","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to WordPress version 3.8.2 or latest","12/19/2014"],
["WordPress 3.7.3 Multiple Vulnerabilities","3.7","3.7.3","WordPress is prone to multiple vulnerabilities, including cross-site scripting, information disclosure and Denial of Service vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to obtain sensitive information or to consume memory and CPU resources, thus denying service to legitimate users. WordPress versions prior to 3.7.4 are vulnerable.","http://www.breaksec.com/?p=6362","http://lab.onsec.ru/2014/09/wordpress-392-xxe-through-media-upload.html","http://codex.wordpress.org/Version_3.7.4","","","CVE-2014-5204,CVE-2014-5205,CVE-2014-5240,CVE-2014-5265,CVE-2014-5266","CWE-79,CWE-352,CWE-399,CWE-611","AV:N/AC:H/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to WordPress version 3.7.4 or latest","12/19/2014"],
["WordPress 3.7.1 Multiple Vulnerabilities","3.7","3.7.1","WordPress is prone to multiple vulnerabilities, including authentication cookie forgery, security bypass and SQL injection vulnerabilities. Exploiting these issues could allow an attacker to gain access to the website, to perform otherwise restricted actions and subsequently publish posts or to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. WordPress versions prior to 3.7.2 are vulnerable.","https://github.com/wpscanteam/wpscan/wiki/CVE-2014-0165","https://security.dxw.com/advisories/sqli-in-wordpress-3-6-1/","https://github.com/Ettack/POC-CVE-2014-0166","http://codex.wordpress.org/Version_3.7.2","","CVE-2014-0165,CVE-2014-0166","CWE-89,CWE-264,CWE-287","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to WordPress version 3.7.2 or latest","12/19/2014"],
["WordPress 3.6 Multiple Vulnerabilities","2.0","3.6","WordPress is prone to multiple vulnerabilities, including remote code execution, security bypass and open redirect vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary code with the privileges of the user running the application, to compromise the application or the underlying database, to access or modify data, to compromise a vulnerable system, to perform otherwise restricted actions and subsequently create posts \"written by\" another user or to redirect users to arbitrary web sites and conduct phishing attacks. WordPress versions prior to 3.6.1 are vulnerable.","https://vagosec.org/2013/09/wordpress-php-object-injection/","https://vagosec.org/2013/12/wordpress-rce-exploit/","http://seclists.org/fulldisclosure/2013/Dec/174","https://wordpress.org/news/2013/09/wordpress-3-6-1/","","CVE-2013-4338,CVE-2013-4339,CVE-2013-4340,CVE-2013-5738,CVE-2013-5739","CWE-20,CWE-94,CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to WordPress version 3.6.1 or latest","12/19/2014"],
["WordPress 3.5.1 Multiple Vulnerabilities","2.0","3.5.1","WordPress is prone to multiple vulnerabilities, including cross-site scripting, security bypass, server-side request forgery, XML external entity injection, information disclosure and Denial of Service vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to perform otherwise restricted actions and subsequently publish posts or reassign authorship, to make the vulnerable server perform authentication requests to a remote or internal network database which could potentially be used to expose information and compromise a site, to obtain sensitive information or to consume memory and CPU resources, denying service to legitimate users. WordPress versions prior to 3.5.2 are vulnerable.","https://forum.intern0t.org/exploits-vulnerabilities-pocs/4789-wordpress-3-5-x-persistent-cross-site-scripting.html","http://rdcoll.wordpress.com/2013/06/11/wordpress-password-protected-post-dos-vulnerability/","http://zoczus.blogspot.ro/2014/03/analysis-of-swfupload-cve-2013-2205.html","http://seclists.org/fulldisclosure/2013/Jul/7","https://wordpress.org/news/2013/06/wordpress-3-5-2/","CVE-2013-2173,CVE-2013-2199,CVE-2013-2200,CVE-2013-2201,CVE-2013-2202,CVE-2013-2203,CVE-2013-2204,CVE-2013-2205","CWE-79,CWE-200,CWE-264,CWE-400,CWE-611,CWE-918","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to WordPress version 3.5.2 or latest","12/19/2014"],
["WordPress Cross-Site Scripting Vulnerability","3.0","3.6.1","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress versions 3.x prior to 3.9.3, 3.8.5 and 3.7.5 are vulnerable.","http://klikki.fi/adv/wordpress.html","http://klikki.fi/adv/wordpress_update.html","http://habrahabr.ru/company/pt/blog/244447/","https://www.youtube.com/watch?v=hRIuaLQfOhs","","CVE-2014-9031","CWE-79","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 3.7.5, 3.8.5, 3.9.3 or latest","12/19/2014"],
["WordPress 3.4.1 Multiple Vulnerabilities","2.0","3.4.1","WordPress is prone to multiple vulnerabilities, including cross-site scripting and security bypass vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks and to perform otherwise restricted actions and subsequently publish new posts or make unintended plugin changes. WordPress versions prior to 3.4.2 are vulnerable.","http://codex.wordpress.org/Version_3.4.2","","","","","CVE-2012-3383,CVE-2012-4421,CVE-2012-4422","CWE-79,CWE-264","AV:N/AC:L/Au:S/C:N/I:P/A:N/E:H/RL:OF/RC:C","","Update to WordPress version 3.4.2 or latest","12/19/2014"],
["WordPress 3.4 Multiple Vulnerabilities","3.4","3.4","WordPress is prone to multiple vulnerabilities, including cross-site scripting, security bypass, cross-site request forgery and information disclosure vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to perform certain administrative actions and gain unauthorized access to the affected application or to obtain sensitive information. WordPress versions prior to 3.4.1 are vulnerable.","http://codex.wordpress.org/Version_3.4.1","","","","","CVE-2012-3384,CVE-2012-3385","CWE-79,CWE-200,CWE-264,CWE-352","AV:N/AC:M/Au:N/C:P/I:P/A:P/E:H/RL:OF/RC:C","","Update to WordPress version 3.4.1 or latest","12/19/2014"],
["WordPress 3.3.2 Multiple Vulnerabilities","3.3","3.3.2","WordPress is prone to multiple vulnerabilities, including cross-site scripting, security bypass, cross-site request forgery and information disclosure vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to perform certain administrative actions and gain unauthorized access to the affected application or to obtain sensitive information. WordPress versions prior to 3.3.3 are vulnerable.","http://codex.wordpress.org/Version_3.3.3","","","","","CVE-2012-6633,CVE-2012-6634,CVE-2012-6635","CWE-79,CWE-200,CWE-264,CWE-352","AV:N/AC:M/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C","","Update to WordPress version 3.3.3 or latest","12/19/2014"],
["WordPress 3.3.1 Multiple Vulnerabilities","2.0","3.3.1","WordPress is prone to multiple vulnerabilities, including cross-site scripting, security bypass and cross-site request forgery vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to perform otherwise restricted actions and subsequently deactivate network-wide plugins or to perform certain administrative actions and gain unauthorized access to the affected application. WordPress versions prior to 3.3.2 are vulnerable.","https://nealpoole.com/blog/2012/05/xss-and-csrf-via-swf-applets-swfupload-plupload/","http://www.sneaked.net/multiple-vulnerabilities-in-wordpress","https://wordpress.org/news/2012/04/wordpress-3-3-2/","","","CVE-2012-2399,CVE-2012-2400,CVE-2012-2401,CVE-2012-2402,CVE-2012-2403,CVE-2012-2404,CVE-2012-3414","CWE-79,CWE-264,CWE-352","AV:N/AC:M/Au:N/C:N/I:P/A:P/E:POC/RL:OF/RC:C","","Update to WordPress version 3.3.2 or latest","12/19/2014"],
["WordPress 3.0.1 Multiple Vulnerabilities","0.6.2","3.0.1","WordPress is prone to multiple vulnerabilities, including cross-site scripting, SQL injection and security bypass vulnerabilities because it fails to properly sanitize user-supplied input. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to compromise the application, access or modify data, to exploit vulnerabilities in the underlying database or to perform otherwise restricted actions. WordPress versions prior to 3.0.2 are vulnerable.","http://blog.sjinks.pro/wordpress/858-information-disclosure-via-sql-injection-attack/","http://www.exploit-db.com/exploits/15684/","http://cxsecurity.com/issue/WLB-2010080127","https://core.trac.wordpress.org/ticket/13887","http://codex.wordpress.org/Version_3.0.2","CVE-2010-4257,CVE-2010-5293,CVE-2010-5294,CVE-2010-5295,CVE-2010-5296","CWE-79,CWE-89,CWE-264","AV:N/AC:M/Au:S/C:P/I:P/A:N/E:POC/RL:OF/RC:C","","Update to WordPress version 3.0.2 or latest","12/19/2014"],
["WordPress 2.5 Cross-Site Scripting Vulnerability","2.5","2.5","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress version 2.5 is vulnerable.","http://secunia.com/advisories/29965/","https://wordpress.org/news/2008/04/wordpress-251/","","","","CVE-2008-2068","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:H/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 2.5.1 or latest","12/19/2014"],
["WordPress Denial of Service Vulnerability","3.5","3.6.1","WordPress is prone to a Denial of Service vulnerability which can be exploited by malicious people to cause the affected website to consume memory and CPU resources, thus denying service to legitimate users. WordPress versions prior to 3.7.4, 3.8.4 and 3.9.2 are vulnerable.","http://www.breaksec.com/?p=6362","http://codex.wordpress.org/Version_3.7.4","http://codex.wordpress.org/Version_3.8.4","http://codex.wordpress.org/Version_3.9.2","","CVE-2014-5265","CWE-399","AV:N/AC:L/Au:N/C:N/I:N/A:P/E:POC/RL:OF/RC:C","","Update to WordPress version 3.7.4, 3.8.4, 3.9.2 or latest","12/19/2014"],
["WordPress 2.2.2 Multiple Vulnerabilities","2.2","2.2.2","WordPress is prone to multiple vulnerabilities, including cross-site scripting, SQL injection and security bypass vulnerabilities. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to compromise the application, access or modify data or exploit vulnerabilities in the underlying database or to perform otherwise restricted actions and subsequently switch themes or activate/deactivate plugins. WordPress versions prior to 2.2.3 are vulnerable.","http://www.buayacorp.com/files/wordpress/wordpress-sql-injection-advisory.html","http://www.buayacorp.com/files/wordpress/xmlrpc-blind-sql.txt","https://core.trac.wordpress.org/ticket/4720","https://core.trac.wordpress.org/ticket/4748","http://secunia.com/advisories/26771/","CVE-2007-4893,CVE-2007-4894,CVE-2008-2146","CWE-79,CWE-89,CWE-264","AV:N/AC:L/Au:N/C:P/I:P/A:P/E:F/RL:OF/RC:C","","Update to WordPress version 2.2.3 or latest","12/19/2014"],
["WordPress 2.2.1 Multiple Vulnerabilities","2.2.1","2.2.1","WordPress is prone to multiple vulnerabilities, including cross-site scripting, SQL injection and open redirect vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to compromise the application, access or modify data or exploit vulnerabilities in the underlying database or to redirect users to arbitrary web sites and conduct phishing attacks. WordPress version 2.2.1 is vulnerable.","https://core.trac.wordpress.org/ticket/4689","https://core.trac.wordpress.org/ticket/4690","http://www.securityfocus.com/archive/1/archive/1/472885/100/0/threaded","http://secunia.com/advisories/26296/","","CVE-2007-3639,CVE-2007-4139,CVE-2007-4153,CVE-2007-4154","CWE-79,CWE-89,CWE-601","AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","Update to WordPress version 2.2.2 or latest","12/19/2014"],
["WordPress 2.2 Multiple Vulnerabilities","2.2","2.2","WordPress is prone to multiple vulnerabilities, including cross-site scripting, SQL injection and arbitrary file upload vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to compromise the application, access or modify data or exploit vulnerabilities in the underlying database or to upload arbitrary PHP code and run it in the context of the Web server process, which may facilitate unauthorized access or privilege escalation. WordPress version 2.2 is vulnerable.","http://www.buayacorp.com/files/wordpress/wordpress-advisory.html","http://www.exploit-db.com/exploits/4039/","http://www.securityfocus.com/archive/1/470837","http://packetstormsecurity.com/files/view/57108/wordpresstheme-xss.txt","https://wordpress.org/news/2007/06/wordpress-221/","CVE-2007-3140,CVE-2007-3238,CVE-2007-3543","CWE-79,CWE-89,CWE-434","AV:N/AC:L/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:N","Update to WordPress version 2.2.1 or latest","12/19/2014"],
["WordPress 2.1.2 Multiple Vulnerabilities","2.1","2.1.2","WordPress is prone to multiple vulnerabilities, including cross-site scripting, SQL injection and security bypass vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to compromise the application, access or modify data or exploit vulnerabilities in the underlying database or to perform otherwise restricted actions and subsequently publish previously saved posts. WordPress versions prior to 2.1.3 are vulnerable.","http://www.exploit-db.com/exploits/3656/","http://www.buayacorp.com/files/wordpress/wordpress-advisory.txt","http://www.buayacorp.com/files/wordpress/wordpress-theme-exploit.txt","http://chxsecurity.org/advisories/adv-1-mid.txt","https://wordpress.org/news/2007/04/wordpress-213-and-2010/","CVE-2007-1622,CVE-2007-1893,CVE-2007-1894,CVE-2007-1897","CWE-79,CWE-89,CWE-264","AV:N/AC:L/Au:S/C:P/I:P/A:P/E:F/RL:OF/RC:C","","Update to WordPress version 2.1.3 or latest","12/19/2014"],
["WordPress 2.0.9 Multiple Vulnerabilities","2.0","2.0.9","WordPress is prone to multiple vulnerabilities, including cross-site scripting, SQL injection and security bypass vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to compromise the application, access or modify data or exploit vulnerabilities in the underlying database or to perform otherwise restricted actions and subsequently publish previously saved posts. WordPress versions prior to 2.0.10 are vulnerable.","http://www.exploit-db.com/exploits/3656/","http://www.buayacorp.com/files/wordpress/wordpress-advisory.txt","http://www.buayacorp.com/files/wordpress/wordpress-theme-exploit.txt","http://chxsecurity.org/advisories/adv-1-mid.txt","https://wordpress.org/news/2007/04/wordpress-213-and-2010/","CVE-2007-1622,CVE-2007-1893,CVE-2007-1894,CVE-2007-1897","CWE-79,CWE-89,CWE-264","AV:N/AC:L/Au:S/C:P/I:P/A:P/E:F/RL:OF/RC:C","","Update to WordPress version 2.0.10 or latest","12/19/2014"],
["WordPress 2.8.5 Multiple Vulnerabilities","2.8","2.8.5","WordPress is prone to multiple vulnerabilities, including cross-site scripting and arbitrary file upload vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks or to upload arbitrary PHP code and run it in the context of the Web server process, which may facilitate unauthorized access or privilege escalation. WordPress versions prior to 2.8.6 are vulnerable.","http://www.securityfocus.com/archive/1/507819","http://www.exploit-db.com/exploits/10089/","http://packetstormsecurity.org/files/view/82675/wordpress285-exec.txt","http://secunia.com/advisories/37332/","https://wordpress.org/news/2009/11/wordpress-2-8-6-security-release/","CVE-2009-3890,CVE-2009-3891","CWE-79,CWE-94","AV:N/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","Update to WordPress version 2.8.6 or latest","12/19/2014"],
["WordPress 2.6.2 Remote Code Execution Vulnerability","0.70","2.6.2","WordPress is prone to a remote code execution vulnerability because it fails to sufficiently sanitize user-supplied input. Successful exploitation may allow attackers to execute arbitrary code with the privileges of the user running the application, to compromise the application or the underlying database, to access or modify data or to compromise a vulnerable system. WordPress versions prior to 2.6.3 are vulnerable.","http://mstrokin.com/sec/feed2js-magpierss-0day-vulnerability-not-really-it-is-actually-cve-2005-3330-cve-2008-4796/","http://secunia.com/Advisories/32361/","https://wordpress.org/news/2008/10/wordpress-263/","","","CVE-2008-4796","CWE-94","AV:L/AC:M/Au:N/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N","Update to WordPress version 2.6.3 or latest","12/19/2014"],
["WordPress Cross-Site Scripting Vulnerability","0.70","4.1.1","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress versions 4.1.1 and earlier are vulnerable.","https://cedricvb.be/post/wordpress-stored-xss-vulnerability-4-1-2/","https://wordpress.org/news/2015/04/wordpress-4-1-2/","","","","CVE-2015-3438","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 4.1.2 or latest","04/22/2015"],
["WordPress Cross-Site Scripting Vulnerability","3.9","4.1.1","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress versions ranging from 3.9 and up to (and including) 4.1.1 are vulnerable.","http://zoczus.blogspot.ro/2015/04/plupload-same-origin-method-execution.html","https://wordpress.org/news/2015/04/wordpress-4-1-2/","","","","CVE-2015-3439","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 4.1.2 or latest","04/22/2015"],
["WordPress Cross-Site Scripting Vulnerability","3.9.3","4.2","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress versions ranging from 3.9.3 and up to (and including) 4.2 are vulnerable; other versions may also be affected.","https://klikki.fi/adv/wordpress2.html","http://seclists.org/fulldisclosure/2015/Apr/84","https://gist.github.com/ethicalhack3r/48d4e3e73c9241bd5b8c","https://www.exploit-db.com/exploits/36844/","http://packetstormsecurity.com/files/131644/WordPress-4.2-Cross-Site-Scripting.html","CVE-2015-3440","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 4.2.1 or latest","04/27/2015"],
["WordPress Multiple Cross-Site Scripting Vulnerabilities","4.1","4.2.1","WordPress is prone to multiple cross-site scripting vulnerabilities because it fails to sufficiently sanitize user-supplied data. An attacker may leverage these issues to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and to launch other attacks. WordPress versions ranging from 4.1 and up to (and including) 4.2.1 are vulnerable.","https://blog.sucuri.net/2015/05/jetpack-and-twentyfifteen-vulnerable-to-dom-based-xss.html","https://www.netsparker.com/cve-2015-3429-dom-xss-vulnerability-in-twenty-fifteen-wordpress-theme/","http://packetstormsecurity.com/files/131802/WordPress-Twenty-Fifteen-4.2.1-Cross-Site-Scripting.html","https://wordpress.org/news/2015/05/wordpress-4-2-2/","","CVE-2015-3429","CWE-79","AV:N/AC:M/Au:N/C:N/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 4.2.2 or latest","05/07/2015"],
["WordPress 4.2.2 Multiple Vulnerabilities","0.7","4.2.2","WordPress is prone to multiple vulnerabilities, including cross-site scripting and security bypass vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, or to perform otherwise restricted actions and subsequently create a draft through Quick Draft. WordPress versions up to and including 4.2.2 are vulnerable.","https://klikki.fi/adv/wordpress3.html","https://twitter.com/klikkioy/status/624264122570526720","https://wordpress.org/news/2015/07/wordpress-4-2-3/","http://seclists.org/oss-sec/2015/q3/187","","CVE-2015-5622,CVE-2015-5623","CWE-79,CWE-264","AV:N/AC:M/Au:S/C:P/I:P/A:N/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N/E:U/RL:O/RC:C","Update to WordPress version 4.2.3 or latest","07/24/2015"],
["WordPress 4.2.3 Multiple Vulnerabilities","0.7","4.2.3","WordPress is prone to multiple vulnerabilities, including cross-site scripting, SQL injection and security bypass vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, to compromise the application, access or modify data or exploit vulnerabilities in the underlying database or to perform otherwise restricted actions and subsequently lock a post from being edited. WordPress versions prior to 4.2.4 are vulnerable.","https://blog.sucuri.net/2015/08/persistent-xss-vulnerability-in-wordpress-explained.html","http://blog.checkpoint.com/2015/08/04/wordpress-vulnerabilities-1/","http://blog.checkpoint.com/2015/08/11/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-ii-supremacy/","http://www.openwall.com/lists/oss-security/2015/08/04/7","https://wordpress.org/news/2015/08/wordpress-4-2-4-security-and-maintenance-release/","CVE-2015-2213,CVE-2015-5714,CVE-2015-5715,CVE-2015-5716,CVE-2015-5730,CVE-2015-5731,CVE-2015-5732,CVE-2015-5733,CVE-2015-5734","CWE-79,CWE-89,CWE-264","AV:N/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","","Update to WordPress version 4.2.4 or latest","08/12/2015"],
["WordPress 4.3 Multiple Vulnerabilities","0.7","4.3","WordPress is prone to multiple vulnerabilities, including cross-site scripting and security bypass vulnerabilities. Exploiting these issues could allow an attacker to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site, allowing the attacker to steal cookie-based authentication credentials and launch other attacks, or to perform otherwise restricted actions and subsequently publish private posts and make them sticky. WordPress versions up to and including 4.3 are vulnerable.","http://blog.checkpoint.com/2015/09/15/finding-vulnerabilities-in-core-wordpress-a-bug-hunters-trilogy-part-iii-ultimatum/","http://drops.wooyun.org/papers/8988","https://wordpress.org/news/2015/09/wordpress-4-3-1/","","","CVE-2015-5714,CVE-2015-5715,CVE-2015-7989","CWE-79,CWE-264","AV:N/AC:M/Au:S/C:P/I:P/A:N/E:POC/RL:OF/RC:C","","Update to WordPress version 4.3.1 or latest","09/16/2015"],
["WordPress 4.4 Cross-Site Scripting Vulnerability","4.4","4.4","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress version 4.4 is vulnerable.","https://www.incapsula.com/blog/incapsula-blocks-xss-vulnerability-wordpress-4-4-1.html","https://twitter.com/brutelogic/status/685105483397619713","https://wordpress.org/news/2016/01/wordpress-4-4-1-security-and-maintenance-release/","http://www.openwall.com/lists/oss-security/2016/01/08/4","","CVE-2016-1564","CWE-79","AV:N/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 4.4.1 or latest","01/07/2016"],
["WordPress 4.3.x Cross-Site Scripting Vulnerability","4.3","4.3.1","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress versions 4.3.x ranging from 4.3 and up to (and including) 4.3.1 are vulnerable.","https://www.incapsula.com/blog/incapsula-blocks-xss-vulnerability-wordpress-4-4-1.html","https://twitter.com/brutelogic/status/685105483397619713","http://codex.wordpress.org/Version_4.3.2","http://www.openwall.com/lists/oss-security/2016/01/08/4","","CVE-2016-1564","CWE-79","AV:N/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 4.3.2 or latest","01/08/2016"],
["WordPress 4.2.x Cross-Site Scripting Vulnerability","4.2","4.2.5","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress versions 4.2.x ranging from 4.2 and up to (and including) 4.2.5 are vulnerable.","https://www.incapsula.com/blog/incapsula-blocks-xss-vulnerability-wordpress-4-4-1.html","https://twitter.com/brutelogic/status/685105483397619713","http://codex.wordpress.org/Version_4.2.6","http://www.openwall.com/lists/oss-security/2016/01/08/4","","CVE-2016-1564","CWE-79","AV:N/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 4.2.6 or latest","01/08/2016"],
["WordPress 4.1.x Cross-Site Scripting Vulnerability","4.1","4.1.8","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress versions 4.1.x ranging from 4.1 and up to (and including) 4.1.8 are vulnerable.","https://www.incapsula.com/blog/incapsula-blocks-xss-vulnerability-wordpress-4-4-1.html","https://twitter.com/brutelogic/status/685105483397619713","http://codex.wordpress.org/Version_4.1.9","http://www.openwall.com/lists/oss-security/2016/01/08/4","","CVE-2016-1564","CWE-79","AV:N/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 4.1.9 or latest","01/08/2016"],
["WordPress 4.0.x Cross-Site Scripting Vulnerability","4.0","4.0.8","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress versions 4.0.x ranging from 4.0 and up to (and including) 4.0.8 are vulnerable.","https://www.incapsula.com/blog/incapsula-blocks-xss-vulnerability-wordpress-4-4-1.html","https://twitter.com/brutelogic/status/685105483397619713","http://codex.wordpress.org/Version_4.0.9","http://www.openwall.com/lists/oss-security/2016/01/08/4","","CVE-2016-1564","CWE-79","AV:N/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 4.0.9 or latest","01/08/2016"],
["WordPress 3.9.x Cross-Site Scripting Vulnerability","3.9","3.9.9","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress versions 3.9.x ranging from 3.9 and up to (and including) 3.9.9 are vulnerable.","https://www.incapsula.com/blog/incapsula-blocks-xss-vulnerability-wordpress-4-4-1.html","https://twitter.com/brutelogic/status/685105483397619713","http://codex.wordpress.org/Version_3.9.10","http://www.openwall.com/lists/oss-security/2016/01/08/4","","CVE-2016-1564","CWE-79","AV:N/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 3.9.10 or latest","01/08/2016"],
["WordPress 3.8.x Cross-Site Scripting Vulnerability","3.8","3.8.11","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress versions 3.8.x ranging from 3.8 and up to (and including) 3.8.11 are vulnerable.","https://www.incapsula.com/blog/incapsula-blocks-xss-vulnerability-wordpress-4-4-1.html","https://twitter.com/brutelogic/status/685105483397619713","http://codex.wordpress.org/Version_3.8.12","http://www.openwall.com/lists/oss-security/2016/01/08/4","","CVE-2016-1564","CWE-79","AV:N/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 3.8.12 or latest","01/08/2016"],
["WordPress Cross-Site Scripting Vulnerability","0.70","3.7.11","WordPress is prone to a cross-site scripting vulnerability because it fails to properly sanitize user-supplied input. An attacker may leverage this issue to execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This can allow the attacker to steal cookie-based authentication credentials and launch other attacks. WordPress versions ranging from 0.70 and up to (and including) 3.7.11 are vulnerable.","https://www.incapsula.com/blog/incapsula-blocks-xss-vulnerability-wordpress-4-4-1.html","https://twitter.com/brutelogic/status/685105483397619713","http://codex.wordpress.org/Version_3.7.12","http://www.openwall.com/lists/oss-security/2016/01/08/4","","CVE-2016-1564","CWE-79","AV:N/AC:M/Au:S/C:P/I:P/A:P/E:POC/RL:OF/RC:C","CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:N","Update to WordPress version 3.7.12 or latest","01/08/2016"],
["WordPress 4.4.x Multiple Vulnerabilities","4.4","4.4.1","WordPress is prone to multiple vulnerabilities, including server-side request forgery and open redirect vulnerabilities. Exploiting these issues could allow an attacker to make the vulnerable server perform port scanning of hosts in internal or external networks or to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress versions ranging from 4.4 and up to (and including) 4.4.1 are vulnerable.","https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/","http://www.openwall.com/lists/oss-security/2016/02/04/6","","","","CVE-2016-2221,CVE-2016-2222","CWE-601,CWE-918","AV:N/AC:L/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C","","Update to WordPress version 4.4.2 or latest","02/03/2016"],
["WordPress 4.3.x Multiple Vulnerabilities","4.3","4.3.2","WordPress is prone to multiple vulnerabilities, including server-side request forgery and open redirect vulnerabilities. Exploiting these issues could allow an attacker to make the vulnerable server perform port scanning of hosts in internal or external networks or to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress versions ranging from 4.3 and up to (and including) 4.3.2 are vulnerable.","https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/","http://www.openwall.com/lists/oss-security/2016/02/04/6","","","","CVE-2016-2221,CVE-2016-2222","CWE-601,CWE-918","AV:N/AC:L/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C","","Update to WordPress version 4.3.3 or latest","02/03/2016"],
["WordPress 4.2.x Multiple Vulnerabilities","4.2","4.2.6","WordPress is prone to multiple vulnerabilities, including server-side request forgery and open redirect vulnerabilities. Exploiting these issues could allow an attacker to make the vulnerable server perform port scanning of hosts in internal or external networks or to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress versions ranging from 4.2 and up to (and including) 4.2.6 are vulnerable.","https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/","http://www.openwall.com/lists/oss-security/2016/02/04/6","","","","CVE-2016-2221,CVE-2016-2222","CWE-601,CWE-918","AV:N/AC:L/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C","","Update to WordPress version 4.2.7 or latest","02/03/2016"],
["WordPress 4.1.x Multiple Vulnerabilities","4.1","4.1.9","WordPress is prone to multiple vulnerabilities, including server-side request forgery and open redirect vulnerabilities. Exploiting these issues could allow an attacker to make the vulnerable server perform port scanning of hosts in internal or external networks or to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress versions ranging from 4.1 and up to (and including) 4.1.9 are vulnerable.","https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/","http://www.openwall.com/lists/oss-security/2016/02/04/6","","","","CVE-2016-2221,CVE-2016-2222","CWE-601,CWE-918","AV:N/AC:L/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C","","Update to WordPress version 4.1.10 or latest","02/03/2016"],
["WordPress 4.0.x Multiple Vulnerabilities","4.0","4.0.9","WordPress is prone to multiple vulnerabilities, including server-side request forgery and open redirect vulnerabilities. Exploiting these issues could allow an attacker to make the vulnerable server perform port scanning of hosts in internal or external networks or to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress versions ranging from 4.0 and up to (and including) 4.0.9 are vulnerable.","https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/","http://www.openwall.com/lists/oss-security/2016/02/04/6","","","","CVE-2016-2221,CVE-2016-2222","CWE-601,CWE-918","AV:N/AC:L/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C","","Update to WordPress version 4.0.10 or latest","02/03/2016"],
["WordPress 3.9.x Multiple Vulnerabilities","3.9","3.9.10","WordPress is prone to multiple vulnerabilities, including server-side request forgery and open redirect vulnerabilities. Exploiting these issues could allow an attacker to make the vulnerable server perform port scanning of hosts in internal or external networks or to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress versions ranging from 3.9 and up to (and including) 3.9.10 are vulnerable.","https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/","http://www.openwall.com/lists/oss-security/2016/02/04/6","","","","CVE-2016-2221,CVE-2016-2222","CWE-601,CWE-918","AV:N/AC:L/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C","","Update to WordPress version 3.9.11 or latest","02/03/2016"],
["WordPress 3.8.x Multiple Vulnerabilities","3.8","3.8.12","WordPress is prone to multiple vulnerabilities, including server-side request forgery and open redirect vulnerabilities. Exploiting these issues could allow an attacker to make the vulnerable server perform port scanning of hosts in internal or external networks or to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress versions ranging from 3.8 and up to (and including) 3.8.12 are vulnerable.","https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/","http://www.openwall.com/lists/oss-security/2016/02/04/6","","","","CVE-2016-2221,CVE-2016-2222","CWE-601,CWE-918","AV:N/AC:L/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C","","Update to WordPress version 3.8.13 or latest","02/03/2016"],
["WordPress 3.7.x Multiple Vulnerabilities","3.7","3.7.12","WordPress is prone to multiple vulnerabilities, including server-side request forgery and open redirect vulnerabilities. Exploiting these issues could allow an attacker to make the vulnerable server perform port scanning of hosts in internal or external networks or to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress versions ranging from 3.7 and up to (and including) 3.7.12 are vulnerable.","https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/","http://www.openwall.com/lists/oss-security/2016/02/04/6","","","","CVE-2016-2221,CVE-2016-2222","CWE-601,CWE-918","AV:N/AC:L/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C","","Update to WordPress version 3.7.13 or latest","02/03/2016"],
["WordPress Multiple Vulnerabilities","0.70","3.6.1","WordPress is prone to multiple vulnerabilities, including server-side request forgery and open redirect vulnerabilities. Exploiting these issues could allow an attacker to make the vulnerable server perform port scanning of hosts in internal or external networks or to redirect users to arbitrary web sites and conduct phishing attacks; other attacks are also possible. WordPress versions ranging from 0.70 and up to (and including) 3.6.1 are vulnerable.","https://wordpress.org/news/2016/02/wordpress-4-4-2-security-and-maintenance-release/","http://www.openwall.com/lists/oss-security/2016/02/04/6","","","","CVE-2016-2221,CVE-2016-2222","CWE-601,CWE-918","AV:N/AC:L/Au:N/C:P/I:P/A:N/E:H/RL:OF/RC:C","","Update to WordPress version 3.7.13 or latest","02/03/2016"]
);
